Healthcare Privacy and Security Regulations: Satisfying HIPAA, GDPR, 42 CFR Part 2, FERPA, and State Laws Protecting Health Information: One and a Half Day In-Person Seminar

By: Jim Sheldon-Dean, Principal and Director of Compliance Services, Lewis Creek Systems, LLC
Location 1:- San Francisco, CA | Thursday, January 17, 2019 | Friday, January 18, 2019

We need the below information to serve you better

Course Description:

Healthcare information has been under HIPAA controls for more than fifteen years now, and healthcare organizations are finally beginning to reach good compliance levels, but other regulations also impact health information privacy and security compliance. In addition to HIPAA, the rules for protecting information related to Substance Use Disorders have been in place since the 1970s, FERPA protects student information, including health and treatment information, various state laws call for protection of information, and now the European Union’s General Data Protection Regulation comes into play for the information of EU residents.

This session is designed to provide intensive, one and a half-day training in healthcare information privacy and security regulatory compliance, touching on the key regulations needing attention today.

The session will cover:

  • Principles of Information Privacy and Security
  • Privacy, Security, and Breach Notification under HIPAA
  • Interactions with the SAMHSA 42 CFR Part 2 regulations on information relating to substance use disorders
  • Interactions with the FERPA student information protections for information held by schools
  • Determining the scope of your GDPR exposure and issues to address
  • HIPAA as a foundation for GDPR compliance
  • Challenges with issues today that didn’t even exist a few years ago, such as insecure communications, Ransomware, and social media

This seminar will also explain audits and enforcement, as well as how to respond to privacy and security breaches and how to prevent them. Numerous references and sample documents will be provided.

Learning Objectives:

This Seminar is designed for the healthcare compliance expert and newbie alike who wish to stay up with changes to HIPAA and related regulations in personal information privacy and security, such as GDPR, 52 CFR Part 2, and FERPA, as well as understand the regulatory issues most frequently encountered in day-to-day operation of health care entities. Objectives include learning related to a variety of topics, including:

  • Learning about patient rights, such as access and amendment of information, and how such rights are protected and enforced under HIPAA and other rules
  • How uses and disclosures may take place under HIPAA in a wide variety of circumstances, including such hot topics as sharing information with the family and friends of a patient, and how those disclosures would be limited by Part 2 rules.
  • When FERPA takes over health records in schools, and when HIPAA controls them
  • Changes to Substance Use Disorder records confidentiality under 42 CFR Part 2
  • The EU General Data Protection Regulation (GDPR) background and scope
  • Ensuring individuals have adequate access of their information under the various rules.
  • Understanding the limits on Disclosures under the various rules.
  • The place of Information Security and incident management using the HIPAA Security and Breach Notification Rules
  • Processes to be used in managing security, mitigating risks, and handling incidents
  • Proper methods of documentation and training to ensure compliance and help avoid penalties, including the use of internal audits and drills to improve compliance continuously and be prepared for incidents and enforcement investigations

Who will Benefit:

This seminar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The following personnel will find this session valuable:

  • Compliance director
  • CEO
  • COO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

Course Outline:

Day One (8:30 AM - 4:30 PM)
  • 08.30 AM - 09.00 AM: Registration
  • 09.00 AM: Session Start
  • Day one sets the stage with an overview of the healthcare information privacy and security regulations and then continues with presentation of the specifics of the HIPAA rules and recent and related rules such as 42 CFR Part 2 regarding Substance Use Disorder information, the FERPA regulations for student information held by schools, and the European Union’s General Data Protection Regulation (GDPR), including the impacts of required changes in your practices to meet the rules.

  • Overview of Privacy, Security, and Breach Notification Regulations
    • Approaches to Privacy and Security Regulations
    • Precedence in Competing Regulations
    • HIPAA, FERPA, and 42 CFR Part 2 Interactions
    • The GDPR Approach – Similarities and Differences
    • New State Laws Like GDPR, e.g. California
  • Healthcare Regulations and Patient Rights
    • Types of Entities, Entity Relationships, and Business Associates
    • The HIPAA Designated Record Set, Access, and Amendment
    • Patient Rights under 42 CFR Part 2
    • Student and Family Rights under FERPA
    • Individual Rights under GDPR
  • Healthcare Regulations and Uses and Disclosures of Protected Information
    • General Use and Disclosure Limitations for HIPAA, Part 2, GDPR, and FERPA
    • Disclosures to family and friends
    • Disclosures to providers, care coordinators, etc.
    • Disclosures to attorneys, the Attorney General’s office, etc., minors and guardian issues
    • Day-to-day disclosures
    • Training and Documentation Requirements
  • Current Hot Topics in Healthcare Privacy and Security
    • Access of Information
    • Enforcement and Audits
    • Sorting Out Regulatory Precedence
    • Implementation Issues
Day Two (8:30 AM - 12:30 PM)

    Day two begins with a detailed examination of HIPAA Security Rule and Breach Notification requirements and how they can be used to protect information under a variety of regulations, including what you need to do to protect information and what you have to do if you don’t, and the day concludes with a session on the essential activities of documenting policies, procedures, and activities, training staff and managers in the issues and policies they need to know about, and examining compliance readiness through drills and self-audits, all as part of a 10-step plan for reviewing and maintaining regulatory compliance.

  • Security and Breach Notification Principles
    • How the HIPAA Privacy, Security, and Breach Rules Work Together
    • Security Safeguards and The Role of Risk Analysis
    • Determining What Is a Breach and What Must Be Reported
    • Incident Management and Breach Reporting
    • Breaches, GDPR, and 42 CFR Part 2
  • Documentation, Training, Drills and Self-Audits
    • The 10-Day Regulatory Compliance Plan
    • How to Organize and Use Documentation to Your Advantage
    • Training Methods and Compliance Improvement
    • Conducting Drills in Incident Response
    • Using the HIPAA Audit Protocol for Documentation

Meet Your Instructor

Jim Sheldon Dean
Jim Sheldon-Dean
Principal and Director of Compliance Services, Lewis Creek Systems, LLC

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Mr. Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

He has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. He received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Location :
San Francisco, CA
(Venue to be announced shortly)

January 17-18, 2019
Register Online

Register Online


Seminar One Registration

January 17-18, 2019, San Francisco, CA
(Registrations till December 18, 2018 - $899)
(Registrations After December 18, 2018 - $1299)

Early bird seats are limited and based on first-come, first-serve.

Your registration fee includes the workshop, all course materials.
For discounts on multiple registrations, contact customer care at +1-1-888-771-6965.

Register by Wire Transfer

If you wish to pay by wire transfer: Please call us at
Toll Free +1-1-888-771-6965

Download Registration Form

Yes, I want to attend "GDPR and Healthcare – What the New Rules Mean for Healthcare and How They Relate to HIPAA: In-Person Seminar"
Click here to Download Registration Form
If you are paying by check:
Checks should be payable to MetricStream Inc. (our parent company). and mailed to:
2479 E. Bayshore Road, Suite 260
Palo Alto, CA 94303

Terms & Conditions to register for the Seminar/Conference/Event

Your Registration for the seminar is subject to following terms and conditions. If you need any clarification before registering for this seminar please call us @ +1-888-771-6965 or email us @


Payment is required before 2 days of the date of the conference. We accept American Express, Visa and MasterCard. Make checks payable to MetricStream Inc. ( our parent company)

Cancellations and Substitutions:

Written cancellations through fax or email (from the person who has registered for this conference) received at least 10 calendar days prior to the start date of the event will receive a refund — less a $150 administration fee. No cancellations will be accepted — nor refunds issued — within 10 calendar days from the start date of the event.

On request by email or fax (before the seminar) a credit for the amount paid minus administration fees ($150) will be transferred to any future GRC Seminars event and a credit note will be issued.

Substitutions may be made at any time. No-shows will be charged the full amount.

We discourage onsite registrations, however if you wish to register onsite payment to happen through credit card immediately or check to be submitted onsite. Conference material will be given on the spot if it is available after distributing to other attendees. In case it is not available we will send the material after the conference is over.

In the event GRC Seminars cancels the seminar, GRC Seminars is not responsible for any airfare, hotel, other costs or losses incurred by registrants. Some topics and speakers may be subject to change without notice.

Attendance confirmation and Documents to carry to the seminar venue:

After we receive the payment from the registered attendee an electronic event pass will be sent to the email address associated with the registrant before 5 working days from the seminar date. Please bring the pass to the venue of the event.

Conference photograph / video:

By registering and attending GRC Seminars conference you agree to have your photographs or videos taken at the conference venue and you do not have any objections to use these photos and videos by GRC Seminars for marketing, archiving or any other conference related activities. You agree to release GRC Seminars for any kind of claims arising out of copyright or privacy violations.

Media Partners

If you wish to partner with us for this event please contact us: or call us: +1-888-771-6965.
Media Partner Benefits
  • Logo and company data on the event website.
  • Logo on the conference material distributed during the conference.
  • Media Partner’s brochure distributed along with conference material.
  • Logo on all the mailings before and after the event.
  • 10% discount to media partner's subscribers.
Media Partner to do
  • Banner (min 728x90 or 468x60) on the Media Partner website.
  • Insertion of the event in the event calendar, both printed and/or online.
  • Announcement article of the conference on the Magazine and/or Website.
  • Dedicated email blast to all subscribers of Media Partner.
  • Article on the Magazine and/or Website after the conference.

Local Attractions of San Francisco, CA

Think Escape Party Bus
Board a luxurious Think Escape party bus or limo and be whisked away to San Francisco's hottest nightclubs where VIP treatment brings all party bus guests to the front of the line. Planning the perfect night on the town is easy with Think Escape's fleet of luxury buses and extended vehicles, each with different amenities for socializing and transport.

Alcatraz Lunch Cruise
The Alcatraz Lunch Cruise is a luxurious way to get to see some of San Francisco’s favorite sights. A gourmet lunch buffet features options like asiago Caesar salad, bay shrimp salad, roasted chicken, garlic-herb roasted new potatoes and more. While guests enjoy lunch, they can take in views of San Francisco Bay’s flora and fauna, Angel Island and Alcatraz, and a live narration explores the history of Alcatraz. Please note that this tour doesn’t stop on Alcatraz Island.

Luxury Catamaran Sailing Cruise
A relaxing way to explore the San Francisco Bay is with the Luxury Catamaran Sailing Cruise. A drink bar and snacks are available for travelers’ enjoyment as they travel under the Golden Gate Bridge, around Alcatraz Island and even past a colony of sea lions. This is a peaceful San Francisco cruise option for families, and children under 5 ride for free.

City Kayak
City Kayak, located on San Francisco's Embarcadero close to the San Francisco Giant's ATT Park, offers a great way to experience San Francisco from Bay level, a point of view and a unique experience you'll not soon forget.

Think Escape Casino Tour San Francisco Bay Area
San Franciscans may be familiar with Think Escape's party buses that shuttle the late-night crowds to and from various city nightclubs, but the Cache Creek Casino Escape is a little-known gem among Bay Area destinations. With personal charter service on the luxurious Fantasy Limo Bus to Cache Creek Casino and Resort, the Cache Creek Casino Escape tour is a smart choice for San Franciscans looking for a little gaming fun or planning a large group activity